[UPHPU] PHP Vulnerability

David Smith DavidSmith at byu.net
Fri Dec 17 14:34:28 MST 2004


I'm sure many of you saw this today:

 http://developers.slashdot.org/article.pl?sid=04/12/17/1641212&tid=169&tid=172

If upgrading to PHP5 is not an option, what the heck am I supposed to do
about this? I maintain a web app that has to work in a multiplicity of
different environments, not just Apache/Linux/PHP4. Is there something I
can do in my php code to prevent this exploit? In one case, I am using
unserialize() to unserialize data directly from a POST. I could probably
rewrite the code to not use the POST data, but what option do I have if
that is not possible? Anyone?

--Dave


